National Vulnerability Database
https://web.nvd.nist.gov/view/vuln/search
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

2018-02-18T01:00:18Z
en-us
This material is not copyrighted and may be freely used; however, attribution is requested.

CVE-2018-3610 (driver_&_support_assistant)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3610
SEMA driver in Intel Driver and Support Assistant before version 3.1.1 allows a local attacker to read and write Memory Status registers, potentially allowing information disclosure or a denial of service condition.
2018-01-09T21:29:00Z

CVE-2017-12169 (freeipa)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12169
It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password hashes belonging to active standard users.
2018-01-10T15:29:00Z

CVE-2018-0001 (junos)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0001
A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D67; 12.3 versions prior to 12.3R12-S5; 12.3X48 versions prior to 12.3X48-D35; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D44, 14.1X53-D50; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1R3; 15.1X49 versions prior to 15.1X49-D30; 15.1X53 versions prior to 15.1X53-D70.
2018-01-10T22:29:00Z

CVE-2018-0002 (junos)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0002
On SRX Series and MX Series devices with a Service PIC with any ALG enabled, a crafted TCP/IP response packet processed through the device results in memory corruption leading to a flowd daemon crash. Sustained crafted response packets lead to repeated crashes of the flowd daemon which results in an extended Denial of Service condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D60 on SRX series; 12.3X48 versions prior to 12.3X48-D35 on SRX series; 14.1 versions prior to 14.1R9 on MX series; 14.2 versions prior to 14.2R8 on MX series; 15.1X49 versions prior to 15.1X49-D60 on SRX series; 15.1 versions prior to 15.1R5-S8, 15.1F6-S9, 15.1R6-S4, 15.1R7 on MX series; 16.1 versions prior to 16.1R6 on MX series; 16.2 versions prior to 16.2R3 on MX series; 17.1 versions prior to 17.1R2-S4, 17.1R3 on MX series. No other Juniper Networks products or platforms are affected by this issue.
2018-01-10T22:29:00Z

CVE-2018-0003 (junos)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0003
A specially crafted MPLS packet received or processed by the system, on an interface configured with MPLS, will store information in the system memory. Subsequently, if this stored information is accessed, this may result in a kernel crash leading to a denial of service. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71; 12.3R12 versions prior to 12.3R12-S7; 12.3X48 versions prior to 12.3X48-D55; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D45, 14.1X53-D107; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1F5-S8, 15.1F6-S8, 15.1R5-S6, 15.1R6-S3, 15.1R7; 15.1X49 versions prior to 15.1X49-D100; 15.1X53 versions prior to 15.1X53-D65, 15.1X53-D231; 16.1 versions prior to 16.1R3-S6, 16.1R4-S6, 16.1R5; 16.1X65 versions prior to 16.1X65-D45; 16.2 versions prior to 16.2R2-S1, 16.2R3; 17.1 versions prior to 17.1R2-S2, 17.1R3; 17.2 versions prior to 17.2R1-S3, 17.2R2; 17.2X75 versions prior to 17.2X75-D50. No other Juniper Networks products or platforms are affected by this issue.
2018-01-10T22:29:01Z

CVE-2018-0006 (junos)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0006
A high rate of VLAN authentication attempts sent from an adjacent host on the local broadcast domain can trigger high memory utilization by the BBE subscriber management daemon (bbe-smgd), and lead to a denial of service condition. The issue was caused by attempting to process an unbounded number of pending VLAN authentication requests, leading to excessive memory allocation. This issue only affects devices configured for DHCPv4/v6 over AE auto-sensed VLANs, utilized in Broadband Edge (BBE) deployments. Other configurations are unaffected by this issue. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R6-S2, 15.1R7; 16.1 versions prior to 16.1R5-S1, 16.1R6; 16.2 versions prior to 16.2R2-S2, 16.2R3; 17.1 versions prior to 17.1R2-S5, 17.1R3; 17.2 versions prior to 17.2R2.
2018-01-10T22:29:01Z

CVE-2018-0009 (junos)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0009
On Juniper Networks SRX series devices, firewall rules configured to match custom application UUIDs starting with zeros can match all TCP traffic. Due to this issue, traffic that should have been blocked by other rules is permitted to flow through the device resulting in a firewall bypass condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71 on SRX series; 12.3X48 versions prior to 12.3X48-D55 on SRX series; 15.1X49 versions prior to 15.1X49-D100 on SRX series.
2018-01-10T22:29:01Z

CVE-2017-4949 (fusion, workstation)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-4949
VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default.
2018-01-11T14:29:00Z

CVE-2017-4950 (fusion, workstation)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-4950
VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default.
2018-01-11T14:29:00Z

CVE-2017-18016 (browser)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18016
Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin).
2018-01-11T16:29:01Z

CVE-2018-5347 (personal_cloud_firmware)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5347
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.
2018-01-12T01:29:00Z

CVE-2018-0486 (debian_linux, xmltooling-c)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0486
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.
2018-01-13T18:29:00Z

CVE-2018-5703 (linux_kernel)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5703
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS.
2018-01-16T09:29:00Z

CVE-2018-5330 (p-660hw_v3_firmware)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5330
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets.
2018-01-16T19:29:01Z

CVE-2018-2566 (integrated_lights_out_manager_firmware)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2566
Vulnerability in the Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: Remote Console Application). Supported versions that are affected are 3.x and 4.x. Difficult to exploit vulnerability allows low privileged attacker with network access via TLS to compromise Integrated Lights Out Manager (ILOM). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Integrated Lights Out Manager (ILOM), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Integrated Lights Out Manager (ILOM) accessible data as well as unauthorized access to critical data or complete access to all Integrated Lights Out Manager (ILOM) accessible data. CVSS 3.0 Base Score 7.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N).
2018-01-18T02:29:17Z

CVE-2018-2567 (communications_order_and_service_management)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2567
Vulnerability in the Oracle Communications Order and Service Management component of Oracle Communications Applications (subcomponent: Portal). Supported versions that are affected are 7.2.4.1.x, 7.2.4.2.x, 7.3.0.x.x and 7.3.0.1.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Order and Service Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data as well as unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
2018-01-18T02:29:17Z

CVE-2018-2568 (integrated_lights_out_manager_firmware)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2568
Vulnerability in the Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: Remote Console Application). Supported versions that are affected are 3.x and 4.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Integrated Lights Out Manager (ILOM). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Integrated Lights Out Manager (ILOM) accessible data as well as unauthorized read access to a subset of Integrated Lights Out Manager (ILOM) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Integrated Lights Out Manager (ILOM). CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).
2018-01-18T02:29:17Z

CVE-2018-2569 (java_me)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2569
Vulnerability in the Java ME SDK component of Oracle Java Micro Edition (subcomponent: Installer). The supported version that is affected is 8.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java ME SDK executes to compromise Java ME SDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java ME SDK. Note: This applies to the Windows platform only. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
2018-01-18T02:29:17Z

CVE-2018-2570 (communications_unified_inventory_management)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2570
Vulnerability in the Oracle Communications Unified Inventory Management component of Oracle Communications Applications (subcomponent: Portal). Supported versions that are affected are 7.2.4.2.x and 7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Inventory Management accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Inventory Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified Inventory Management. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
2018-01-18T02:29:17Z

CVE-2018-2571 (communications_unified_inventory_management)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2571
Vulnerability in the Oracle Communications Unified Inventory Management component of Oracle Communications Applications (subcomponent: Portal). Supported versions that are affected are 7.2.4.2.x and 7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Inventory Management accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Inventory Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).
2018-01-18T02:29:17Z

CVE-2018-2613 (argus_safety)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2613
Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Login). Supported versions that are affected are 7.x, 8.0.x and 8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Argus Safety accessible data as well as unauthorized update, insert or delete access to some of Oracle Argus Safety accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).
2018-01-18T02:29:19Z

CVE-2018-2620 (primavera_unifier)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2620
Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Platform). Supported versions that are affected are 10.x, 15.x, 16.x and 17.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera Unifier accessible data as well as unauthorized access to critical data or complete access to all Primavera Unifier accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
2018-01-18T02:29:20Z

CVE-2018-2642 (argus_safety)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2642
Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: File Upload). Supported versions that are affected are 7.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Argus Safety, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Argus Safety accessible data as well as unauthorized read access to a subset of Oracle Argus Safety accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Argus Safety. CVSS 3.0 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L).
2018-01-18T02:29:21Z

CVE-2018-2643 (argus_safety)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2643
Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Case Selection). Supported versions that are affected are 7.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Argus Safety. While the vulnerability is in Oracle Argus Safety, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Argus Safety accessible data as well as unauthorized read access to a subset of Oracle Argus Safety accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N).
2018-01-18T02:29:21Z

CVE-2018-2644 (argus_safety)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2644
Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Worklist). Supported versions that are affected are 7.x, 8.0.x and 8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Argus Safety, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Argus Safety accessible data as well as unauthorized read access to a subset of Oracle Argus Safety accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
2018-01-18T02:29:21Z

CVE-2018-2675 (java_advanced_management_console)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2675
Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
2018-01-18T02:29:22Z

CVE-2018-0098 (wap150_firmware, wap361_firmware)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0098
A vulnerability in the web-based management interface of Cisco WAP150 Wireless-AC/N Dual Radio Access Point with Power over Ethernet (PoE) and WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve57076.
2018-01-18T06:29:00Z

CVE-2018-0099 (d9800_firmware)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0099
A vulnerability in the web management GUI of the Cisco D9800 Network Transport Receiver could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of GUI command arguments. An attacker could exploit this vulnerability by injecting crafted arguments into a vulnerable GUI command. An exploit could allow the attacker to execute commands on the underlying BusyBox operating system. These commands are run at the privilege level of the authenticated user. The attacker needs valid device credentials for this attack. Cisco Bug IDs: CSCvg74691.
2018-01-18T06:29:01Z

CVE-2018-0100 (anyconnect_secure_mobility_client)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0100
A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of the XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by injecting a crafted XML file with malicious entries, which could allow the attacker to read and write files. Cisco Bug IDs: CSCvg19341.
2018-01-18T06:29:01Z

CVE-2018-0106 (elastic_services_controller)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0106
A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system. The vulnerability is due to insufficient security restrictions. An attacker could exploit this vulnerability by accessing unauthorized information within the ConfD directory and file structure. Successful exploitation could allow the attacker to view sensitive information. Cisco Bug IDs: CSCvg00221.
2018-01-18T06:29:01Z

CVE-2018-0115 (staros)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0115
A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93332.
2018-01-18T06:29:01Z

CVE-2017-18046 (h640x_firmware)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18046
Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 2.77p1-1124 and 3.03p2-1146 devices allows remote attackers to execute arbitrary code via a long POST request to the login_action function in /cgi-bin/login_action.cgi (aka cgipage.cgi).
2018-01-21T22:29:00Z

CVE-2018-5960 (content_management_system)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5960
Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module.
2018-01-22T01:29:00Z

CVE-2018-5968 (jackson-databind)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5968
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
2018-01-22T04:29:00Z

CVE-2018-5761 (cdm)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5761
A man-in-the-middle vulnerability related to vCenter access was found in Rubrik CDM 3.x and 4.x before 4.0.4-p2. This vulnerability might expose Rubrik user credentials configured to access vCenter as Rubrik clusters did not verify TLS certificates presented by vCenter.
2018-01-22T17:29:00Z

CVE-2018-5999 (asuswrt)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5999
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.
2018-01-22T20:29:00Z

CVE-2018-6000 (asuswrt)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6000
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable infosvr command mode), and consequently obtain remote administrative access, via a crafted request. This is available to unauthenticated attackers in conjunction with CVE-2018-5999.
2018-01-22T20:29:00Z

CVE-2017-1000416 (axtls)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000416
axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting in the year (19)50 of UTCTime being misinterpreted as 2050.
2018-01-22T23:29:00Z

CVE-2017-1000417 (matrixssl)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000417
MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in ExtKeyUsage extension) on X.509 certificates.
2018-01-22T23:29:00Z

CVE-2018-0845 (office, office_compatibility_pack, word)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0845
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
2018-01-22T23:29:00Z

CVE-2018-0848 (office, office_compatibility_pack, word)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0848
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
2018-01-22T23:29:00Z

CVE-2018-0849 (office, office_compatibility_pack, word)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0849
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
2018-01-22T23:29:00Z

CVE-2018-0862 (office, office_compatibility_pack, word)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0862
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
2018-01-22T23:29:00Z

CVE-2018-6014 (subsonic)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6014
Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. To exploit this issue, an attacker must convince the user to visit a web site loaded with a SWF file created specifically to steal user data.
2018-01-23T00:29:00Z

CVE-2016-5345 (android)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5345
Buffer overflow in the Qualcomm radio driver in Android before 2017-01-05 on Android One devices allows local users to gain privileges via a crafted application, aka Android internal bug 32639452 and Qualcomm internal bug CR1079713.
2018-01-23T01:29:00Z

CVE-2017-16590 (enterprise_manager)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16590
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. User interaction is required to exploit this vulnerability. The specific flaw exists within the MainFilter servlet. The issue results from the lack of proper string matching inside the doFilter method. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of Administrator. Was ZDI-CAN-5099.
2018-01-23T01:29:00Z

CVE-2017-16608 (enterprise_manager)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16608
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4749.
2018-01-23T01:29:01Z

CVE-2017-17406 (enterprise_manager)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17406
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within an exposed RMI registry, which listens on TCP ports 1800 and 1850 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Was ZDI-CAN-4753.
2018-01-23T01:29:01Z

CVE-2017-17407 (enterprise_manager)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17407
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager v7.2.699 build 1001. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the content parameter provided to the script_test.jsp endpoint. A crafted content request parameter can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code under the context of the web service. Was ZDI-CAN-5080.
2018-01-23T01:29:01Z

CVE-2017-18049 (silverstripe)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18049
In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software (including Microsoft Excel). For example, the CSV data may contain untrusted user input from the "First Name" field of a user's /myprofile page.
2018-01-23T06:29:00Z

CVE-2018-6022 (nonecms)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6022
Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms through 1.3.0 allows remote authenticated users to delete arbitrary files by leveraging back-office access to provide a ..\ in the param.path parameter.
2018-01-23T06:29:00Z

CVE-2018-6029 (nonecms)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6029
The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of internal and external network resources via Server Side Request Forgery (SSRF), because URL validation only considers whether the URL contains the "csdn" substring.2018-01-23T06:29:00ZCVE-2015-1142857 (82576_firmware, 82599_firmware, dpdk, i350_firmware, linux_kernel_i40e/i40evf, linux_kernel_ixgbe, x540_firmware, x710_firmware)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1142857
On multiple SR-IOV cards it is possible for VFs assigned to guests to send Ethernet flow control pause frames via the PF. This includes the Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0. Additionally, multiple vendor NIC firmware is affected.2018-01-23T14:29:00ZCVE-2017-15090 (recursor)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15090
An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.2018-01-23T15:29:00ZCVE-2017-15091 (authoritative)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15091
An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY.2018-01-23T15:29:00ZCVE-2017-15092 (recursor)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15092
A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content.2018-01-23T15:29:00ZCVE-2017-15093 (recursor)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15093
When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration.2018-01-23T15:29:00ZCVE-2017-15105 (debian_linux, unbound)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15105
A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.2018-01-23T16:29:00ZCVE-2017-15107 (dnsmasq)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15107
A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist.2018-01-23T16:29:00ZCVE-2017-2740 (thinpro)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2740
A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device.2018-01-23T16:29:00ZCVE-2017-2741 (d3q15a_firmware, d3q15b_firmware, d3q15d_firmware, d3q16a_firmware, d3q16b_firmware, d3q16c_firmware, d3q16d_firmware, d3q17a_firmware, d3q17c_firmware, d3q17d_firmware, d3q19a_firmware, d3q19d_firmware, d3q20a_firmware, d3q20b_firmware, d3q20c_firmware, d3q20d_firmware, d3q21a_firmware, d3q21c_firmware, d3q21d_firmware, d9l20a_firmware, d9l21a_firmware, d9l63a_firmware, d9l64a_firmware, j3p68a_firmware, j6u55a_firmware, j6u55b_firmware, j6u55c_firmware, j6u55d_firmware, j6u57b_firmware, j9v80a_firmware, j9v80b_firmware, j9v82a_firmware, j9v82b_firmware, j9v82c_firmware, j9v82d_firmware, k9z76a_firmware, k9z76d_firmware, t0g70a_firmware)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2741
A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code.2018-01-23T16:29:00ZCVE-2017-2743 (2a68a_firmware, 2a69a_firmware, 2a70a_firmware, 2a71a_firmware, a2w75a_firmware, a2w76a_firmware, a2w77a_firmware, a2w78a_firmware, a2w79a_firmware, b3g85a_firmware, b5l04a_firmware, b5l05a_firmware, b5l07a_firmware, b5l23a_firmware, b5l24a_firmware, b5l25a_firmware, b5l26a_firmware, b5l46a_firmware, b5l47a_firmware, b5l48a_firmware, c2s11a_firmware, c2s12a_firmware, cc419a_firmware, cc420a_firmware, cc421a_firmware, cc522a_firmware, cc523a_firmware, cc524a_firmware, cd644a_firmware, cd645a_firmware, cd646a_firmware, ce503a_firmware, ce504a_firmware, ce707a_firmware, ce708a_firmware, ce709a_firmware, ce738a_firmware, ce989a_firmware, ce990a_firmware, ce991a_firmware, ce992a_firmware, ce993a_firmware, ce994a_firmware, ce995a_firmware, ce996a_firmware, cf066a_firmware, cf067a_firmware, cf068a_firmware, cf069a_firmware, cf081a_firmware, cf082a_firmware, cf083a_firmware, cf116a_firmware, cf117a_firmware, cf118a_firmware, cf235a_firmware, cf236a_firmware, cf238a_firmware, cf367a_firmware, cz244a_firmware, cz245a_firmware, d3l08a_firmware, d3l09a_firmware, d3l10a_firmware, d7p70a_firmware, d7p71a_firmware, e6b67a_firmware, e6b68a_firmware, e6b69a_firmware, e6b70a_firmware, e6b71a_firmware, e6b72a_firmware, e6b73a_firmware, f2a76a_firmware, f2a77a_firmware, f2a81a_firmware, g1w39a_firmware, g1w40a_firmware, g1w41a_firmware, g1w46a_firmware, g1w46v_firmware, g1w47a_firmware, g1w47v_firmware, j7x28a_firmware, l2717a_firmware, l3u42a_firmware, l3u43a_firmware, l3u44a_firmware)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2743
HP has identified a potential security vulnerability with HP Enterprise LaserJet Printers and MFPs, HP OfficeJet Enterprise Color Printers and MFP, HP PageWide Color Printers and MPS before 2308214_000901, 2308214_000900, and other firmware versions. The vulnerability could be exploited to perform a cross site scripting (XSS) attack.2018-01-23T16:29:01ZCVE-2017-2747 (110_firmware, 310_firmware, 315_firmware, 330_firmware, 335_firmware, 360_firmware, 365_firmware, 370_firmware, 375_firmware, 560_firmware, 570_firmware, t1300_firmware, t1500_firmware, t1530_firmware, t2300_firmware, t2500_firmware, t2530_firmware, t3500_firmware, t790_firmware, t795_firmware, t920_firmware, t930_firmware)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2747
HP has identified a potential security vulnerability before IG_11_00_00.10 for DesignJet T790, T795, T1300, T2300, before MRY_04_05_00.5 for DesignJet T920, T930, T1500, T1530, T2500, T2530, before AENEAS_03_04_00.9 for DesignJet T3500, before NEXUS_01_12_00.11 for Latex 310, 330, 360, 370, before NEXUS_03_12_00.15 for Latex 315, 335, 365, 375, before STORM_00_05_01.6 for Latex 560, 570 and Latex 110 that may expose the credentials of the SMTP server configured to receive and process emails generated by the printers.2018-01-23T16:29:01ZCVE-2017-18030 (qemu)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18030
The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.2018-01-23T18:29:00ZCVE-2018-5683 (qemu)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5683
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.2018-01-23T18:29:00ZCVE-2018-5749 (minecraft_servers_list_lite, premium_minecraft_servers_list)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5749
install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary PHP code via the (1) database_server, (2) database_user, (3) database_password, or (4) database_name parameter.2018-01-23T19:29:00ZCVE-2017-15531 (reporter)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15531
Symantec Reporter 9.5 prior to 9.5.4.1 and 10.x prior to 10.2 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter.2018-01-23T20:29:00ZCVE-2017-12632 (nifi)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12632
A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. The fix to sanitize host headers and compare to a controlled whitelist was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate release.2018-01-23T22:29:00ZCVE-2017-15697 (nifi)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15697
A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. The fix to properly handle these headers was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate release.2018-01-23T22:29:00ZCVE-2018-5969 (photography_cms)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5969
Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_admin.php, as demonstrated by adding an admin account.2018-01-24T10:29:00ZCVE-2018-5976 (rsvp_invitation_online)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5976
Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 via function/account.php, as demonstrated by modifying the admin password.2018-01-24T10:29:00ZCVE-2018-6184 (next.js)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6184
ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.2018-01-24T10:29:01ZCVE-2017-1000475 (freesshd)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000475
FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch processes with elevated privileges.2018-01-24T14:29:00ZCVE-2017-13696 (diskpulse, disksavvy, dupscout, syncbreeze)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13696
A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9.9.14, Sync Breeze Enterprise 9.9.16, and Disk Pulse Enterprise 9.9.16 where an attacker can craft a malicious GET request and exploit the web server component. Successful exploitation of the software will allow an attacker to gain complete access to the system with NT AUTHORITY / SYSTEM level privileges. The vulnerability lies due to improper handling and sanitization of the incoming request.2018-01-24T15:29:01ZCVE-2017-15135 (389_directory_server)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15135
It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.2018-01-24T15:29:01ZCVE-2018-5319 (filehub_firmware)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5319
RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request.2018-01-24T15:29:01ZCVE-2018-6017 (tinder)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6017
Unencrypted transmission of images in Tinder iOS app and Tinder Android app allows an attacker to extract private sensitive information by sniffing network traffic.2018-01-24T15:29:01ZCVE-2018-6018 (tinder)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6018
Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android app allow an attacker to extract private sensitive information by sniffing network traffic.2018-01-24T15:29:01ZCVE-2018-4834 (pxc00/50/100/200-e.d_firmware, pxc00/64/128-u_firmware, pxc001-e.d_firmware, pxc12/22/36-e.d_firmware, pxm20-e_firmware)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4834
A vulnerability has been identified in Desigo Automation Controllers Compact PXC12/22/36-E.D, Desigo Automation Controllers Modular PXC00/50/100/200-E.D, Desigo Automation Controllers PXC00/64/128-U with Web module, Desigo Automation Controllers for Integration PXC001-E.D, Desigo Operator Unit PXM20-E. A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication.2018-01-24T16:29:00ZCVE-2017-1000474 (vehicle_sales_management_system)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000474
Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL injections in the login/vehicle.php, login/profile.php, login/Actions.php, login/manage_employee.php, and login/sell.php scripts, resulting in the exposure of users' login credentials, SQL Injection and Stored XSS vulnerability, which leads to remote code execution.2018-01-24T22:29:00ZCVE-2017-1000502 (ec2)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000502
Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scripts' permission typically only granted to administrators.2018-01-24T23:29:00ZCVE-2017-1000503 (jenkins)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000503
A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first startup. This resulted in multiple security-related settings not being set to their usual strict default.2018-01-24T23:29:00ZCVE-2017-1000504 (jenkins)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000504
A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier startup could result in the wrong order of execution of commands during initialization. There is a very short window of time after startup during which Jenkins may no longer show the 'Please wait while Jenkins is getting ready to work' message but Cross-Site Request Forgery (CSRF) protection may not yet be effective.2018-01-24T23:29:00ZCVE-2018-1000006 (electron)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000006
GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, and 1.6.15 and earlier have a vulnerability in the protocol handler: specifically, Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked into arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16.2018-01-24T23:29:00ZCVE-2018-1047 (jboss_wildfly_application_server)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1047
A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.2018-01-24T23:29:00ZCVE-2018-1048 (jboss_enterprise_application_platform)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1048
It was found that the AJP connector in undertow, as shipped in JBoss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allows the slash / anti-slash characters encoded in the URL, which may lead to path traversal and result in the information disclosure of arbitrary local files.2018-01-24T23:29:00ZCVE-2017-15546 (rsa_authentication_manager)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15546
The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability. Authenticated malicious users could potentially exploit this vulnerability to read any unencrypted data from the database.2018-01-25T03:29:00ZCVE-2018-5967 (wf2419_firmware)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5967
Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page.2018-01-25T08:29:00ZCVE-2018-6217 (kingsoft_wps_office)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6217
The WStr::_alloc_iostr_data() function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 allows remote attackers to cause a denial of service (application crash) via a crafted (a) web page, (b) office document, or (c) .rtf file.2018-01-25T08:29:00ZCVE-2018-6308 (sugarcrm)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6308
Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modules\Campaigns\Tracker.php and modules\Campaigns\utils.php, the default_currency_name parameter to modules\Configurator\controller.php and modules\Currencies\Currency.php, the duplicate parameter to modules\Contacts\ShowDuplicates.php, the mergecur parameter to modules\Currencies\index.php and modules\Opportunities\Opportunity.php, and the load_signed_id parameter to modules\Documents\Document.php.2018-01-25T08:29:00ZCVE-2017-15365 (fedora, mariadb, xtradb_cluster)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15365
sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.2018-01-25T16:29:00ZCVE-2018-5748 (libvirt)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5748
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.2018-01-25T16:29:00ZCVE-2018-5997 (filehub_firmware)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5997
An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root.2018-01-25T17:29:00ZCVE-2017-15132 (dovecot)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15132
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high-performance configurations where the same login processes are reused, and can cause the process to crash due to memory exhaustion.2018-01-25T20:29:00ZCVE-2018-1051 (resteasy)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1051
It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.2018-01-25T20:29:00ZCVE-2017-15703 (nifi)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15703
Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release.2018-01-25T21:29:00ZCVE-2018-5447 (pcs-9611_firmware)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5447
An Improper Input Validation issue was discovered in Nari PCS-9611 relay. An improper input validation vulnerability has been identified that affects a service within the software that may allow a remote attacker to arbitrarily read/access system resources and affect the availability of the system.2018-01-25T22:29:00ZCVE-2018-6315 (libming)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6315
The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming through 0.4.8 is vulnerable to an integer overflow and resultant out-of-bounds read, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file.2018-01-25T22:29:00ZCVE-2016-10710 (secure_file_transfer)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10710
Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix.2018-01-25T23:29:00ZCVE-2017-3762 (fingerprint_manager_pro)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3762
Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed.2018-01-26T01:29:00ZCVE-2017-1000386 (active_choices)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000386
Jenkins Active Choices plugin version 1.5.3 and earlier allowed users with Job/Configure permission to provide arbitrary HTML to be shown on the 'Build With Parameters' page through the 'Active Choices Reactive Reference Parameter' type. This could include, for example, arbitrary JavaScript. Active Choices now sanitizes the HTML inserted on the 'Build With Parameters' page if and only if the script is executed in a sandbox. As unsandboxed scripts are subject to administrator approval, it is up to the administrator to allow or disallow problematic script output.2018-01-26T02:29:00ZCVE-2017-1000389 (global-build-stats)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000389
Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting vulnerability. Additionally, some URLs provided by global-build-stats plugin that modify data did not require POST requests to be sent, resulting in a potential cross-site request forgery vulnerability.2018-01-26T02:29:00ZCVE-2017-1000398 (jenkins)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000398
The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /computer/(agent-name)/api showed information about tasks (typically builds) currently running on that agent. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and the API now only shows information about accessible tasks.2018-01-26T02:29:01ZCVE-2017-1000401 (jenkins)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000401
The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, <f:password/>, supports form validation (e.g. for API keys). The form validation AJAX requests were sent via GET, which could result in secrets being logged to an HTTP access log in non-default configurations of Jenkins, and made available to users with access to these log files. Form validation for <f:password/> is now always sent via POST, which is typically not logged.2018-01-26T02:29:01ZCVE-2017-1000403 (speaks!)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000403
Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts.2018-01-26T02:29:01ZCVE-2017-14592 (sourcetree)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14592
Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability.2018-01-26T02:29:02ZCVE-2017-14593 (sourcetree)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14593
Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. From version 0.8.4b of Sourcetree for Windows, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for Windows starting with 0.5.1.0 before version 2.4.7.0 are affected by this vulnerability.2018-01-26T02:29:02ZCVE-2018-1342 (access_manager)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1342
A vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console.2018-01-26T02:29:03ZCVE-2018-6323 (binutils)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6323
The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.2018-01-26T08:29:00ZCVE-2017-2166 (groupsession)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2166
Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.2018-01-26T16:29:00ZCVE-2018-0506 (nootka)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0506
Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.2018-01-26T16:29:00ZCVE-2018-0507 (flet's_virus_clear_easy_setup_&_application_tool, flet's_virus_clear_v6_easy_setup_&_application_tool)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0507
Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2018-01-26T16:29:00ZCVE-2017-18076 (debian_linux, omniauth)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18076
In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase.2018-01-26T19:29:00ZCVE-2017-3768 (bladecenter_hs22_firmware, bladecenter_hs23_firmware, bladecenter_hs23e_firmware, flex_system_x220_m4_firmware, flex_system_x222_m4_firmware, flex_system_x240_m4_firmware, flex_system_x240_m5_firmware, flex_system_x280_m4_firmware, flex_system_x280_x6_firmware, flex_system_x440_m4_firmware, flex_system_x480_m4_firmware, flex_system_x480_x6_firmware, flex_system_x880_firmware, flex_system_x880_m4_firmware, idataplex_dx360_m4_firmware, idataplex_dx360_m4_water_cooled_firmware, nextscale_nx360_m4_firmware, nextscale_nx360_m5_firmware, system_x3100_m4_firmware, system_x3100_m5_firmware, system_x3250_m4_firmware, system_x3250_m5_firmware, system_x3250_m6_firmware, system_x3300_m4_firmware, system_x3500_m4_firmware, system_x3500_m5_firmware, system_x3530_m4_firmware, system_x3550_m4_firmware, system_x3550_m5_firmware, system_x3630_m4_firmware, system_x3650_m4_bd_firmware, system_x3650_m4_firmware, system_x3650_m4_hd_firmware, system_x3650_m5_firmware, system_x3750_m4_firmware, system_x3850_x6_firmware, system_x3950_x6_firmware)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3768
An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used by LXCA and OneCLI and other tools can exhaust available system memory which can cause the IMM2 to reboot itself until the requests cease.2018-01-26T19:29:00ZCVE-2018-6015 (email_subscribers_&_newsletters)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6015
An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, allows downloading of a CSV data file with all subscriber data.2018-01-26T20:29:01ZCVE-2017-18077 (brace_expansion)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18077
index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.2018-01-27T12:29:00ZCVE-2018-6352 (podofo)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6352
In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file.2018-01-27T15:29:00ZCVE-2018-6353 (electrum)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6353
The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended workstation, which makes it easier for attackers to steal Bitcoin via hook code that runs at a later time when the wallet password has been entered, a different vulnerability than CVE-2018-1000022.2018-01-27T15:29:00ZCVE-2018-6354 (formspree)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6354
templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS related to the _next parameter.2018-01-27T15:29:00ZCVE-2018-6357 (social_media_widget)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6357
The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS.2018-01-27T17:29:00ZCVE-2018-6358 (libming)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6358
The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file.2018-01-27T21:29:00ZCVE-2018-6359 (libming)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6359
The decompileIF function (util/decompile.c) in libming through 0.4.8 is vulnerable to a use-after-free, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file.2018-01-27T21:29:00ZCVE-2017-18079 (linux_kernel)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18079
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.2018-01-29T05:29:00ZCVE-2018-6007 (js_support_ticket)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6007
CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows attackers to inject HTML or edit a ticket.2018-01-29T05:29:00ZCVE-2018-6008 (jtag_members_directory)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6008
Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter.2018-01-29T05:29:00ZCVE-2018-6363 (task_rabbit_clone)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6363
SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter.2018-01-29T05:29:00ZCVE-2018-6364 (multilanguage_real_estate_mlm_script)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6364
SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter.2018-01-29T05:29:00ZCVE-2018-6365 (tsitebuilder)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6365
SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or /page_new.php.2018-01-29T05:29:00ZCVE-2018-6367 (i-tech_buddy_zone_facebook_clone)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6367
SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter.2018-01-29T05:29:00ZCVE-2017-14190 (fortios)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14190
A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows an attacker to inject arbitrary web script or HTML via a maliciously crafted "Host" header in user HTTP requests.2018-01-29T16:29:00ZCVE-2017-1779 (cognos_analytics)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1779
IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824.2018-01-29T16:29:00ZCVE-2017-1783 (cognos_analytics)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1783
IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857.2018-01-29T16:29:00ZCVE-2017-1784 (cognos_analytics)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1784
IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858.2018-01-29T16:29:00ZCVE-2018-1364 (content_navigator)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1364
IBM Content Navigator 2.0 and 3.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 137449.2018-01-29T16:29:00ZCVE-2017-1000353 (jenkins)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000353
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default.2018-01-29T17:29:00ZCVE-2017-1000354 (jenkins)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000354
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values (e.g. with Job/Configure permission), were able to impersonate any other Jenkins user on the same instance.2018-01-29T17:29:00ZCVE-2017-1000355 (jenkins)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000355
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void.2018-01-29T17:29:00ZCVE-2017-1000356 (jenkins)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000356
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts.2018-01-29T17:29:00ZCVE-2018-6381 (zziplib)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6381
In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data.2018-01-29T17:29:00ZCVE-2018-6387 (ib-wra150n_firmware)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6387
iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded password of admin for the admin account, a hardcoded password of support for the support account, and a hardcoded password of user for the user account.2018-01-29T18:29:00ZCVE-2018-6388 (ib-wra150n_firmware)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6388
iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping test arguments on the Diagnostics page.2018-01-29T18:29:00ZCVE-2018-6390 (wps_office)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6390
The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to cause a denial of service (access violation and application crash) via a crafted (a) web page, (b) office document, or (c) .rtf file.2018-01-29T19:29:01ZCVE-2018-6391 (wf2419_firmware)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6391
A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings.2018-01-29T19:29:01ZCVE-2018-6392 (ffmpeg)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6392
The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file.2018-01-29T19:29:01ZCVE-2018-3835 (ptex)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3835
An exploitable out of bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX. The vulnerability is present in the reading of a file without proper parameter checking. The value read in, is not verified to be valid and its use can lead to a buffer overflow, potentially resulting in code execution.2018-01-29T20:29:00ZCVE-2018-6393 (freepbx)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6393
** DISPUTED ** FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors."2018-01-29T20:29:00ZCVE-2018-6382 (mantisbt)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6382
MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address.2018-01-30T06:29:00ZCVE-2018-6395 (visual_calendar)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6395
SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! via the id parameter in a view=load action.2018-01-30T15:29:00ZCVE-2018-6397 (picture_calendar)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6397
Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder parameter.2018-01-30T15:29:00ZCVE-2018-6398 (event_calendar)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6398
SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action.2018-01-30T15:29:00ZCVE-2017-17969 (7-zip, debian_linux, p7zip)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17969
Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.2018-01-30T16:29:00ZCVE-2018-6376 (joomla!)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6376
In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.2018-01-30T17:29:00ZCVE-2018-6377 (joomla!)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6377
In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox.2018-01-30T17:29:00ZCVE-2018-6379 (joomla!)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6379
In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability.2018-01-30T17:29:00ZCVE-2018-6380 (joomla!)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6380
In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.2018-01-30T17:29:00ZCVE-2017-1731 (websphere_application_server)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1731
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges.2018-01-30T18:29:00ZCVE-2018-6194 (splashing_images)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6194
A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php.2018-01-30T20:29:00ZCVE-2018-6195 (splashing_images)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6195
admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter to wp-admin/upload.php.2018-01-30T20:29:00ZCVE-2018-6405 (imagemagick)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6405
In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service.2018-01-30T21:29:00ZCVE-2018-1000001 (glibc)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000001
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.2018-01-31T14:29:00ZCVE-2017-1233 (bigfix_remote_control)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1233
IBM Remote Control v9 could allow a local user to use the component to replace files to which he does not have write access and which he can cause to be executed with Local System or root privileges. IBM X-Force ID: 123912.2018-01-31T15:29:00ZCVE-2017-1773 (datapower_gateway)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1773
IBM DataPower Gateways 7.1, 7.2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817.2018-01-31T15:29:00ZCVE-2014-1631 (eventum)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1631
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.2018-01-31T18:29:00ZCVE-2014-1632 (eventum)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1632
htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter.2018-01-31T18:29:00ZCVE-2018-5701 (system_shield)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5701
In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys driver file contains an Arbitrary Write vulnerability due to not validating input values from IOCtl 0x00226003.2018-01-31T18:29:00ZCVE-2018-5996 (7-zip, debian_linux, p7zip)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5996
Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, which allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.2018-01-31T18:29:00ZCVE-2018-6464 (simditor)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6464
Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1.2018-01-31T18:29:00ZCVE-2018-6465 (propertyhive)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6465
The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php.2018-01-31T18:29:00ZCVE-2018-6471 (superantispyware)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6471
In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402078.2018-01-31T19:29:00ZCVE-2018-6472 (superantispyware)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6472
In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40204c.2018-01-31T19:29:00ZCVE-2018-6473 (superantispyware)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6473
In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402080.2018-01-31T19:29:00ZCVE-2018-6474 (superantispyware)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6474
In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402148.2018-01-31T19:29:00ZCVE-2018-6475 (superantispyware)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6475
In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe allows DLL hijacking, leading to Escalation of Privileges.2018-01-31T19:29:00ZCVE-2018-6476 (superantispyware)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6476
In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating input values from IOCtl 0x9C402114 or 0x9C402124 or 0x9C40207c.2018-01-31T19:29:00ZCVE-2017-16928 (arq)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16928
The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip.2018-01-31T20:29:00ZCVE-2017-16945 (arq)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16945
The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path.2018-01-31T20:29:00ZCVE-2017-16911 (linux_kernel)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16911
The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP.2018-01-31T22:29:00ZCVE-2017-16912 (linux_kernel)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16912
The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.2018-01-31T22:29:00ZCVE-2017-16913 (linux_kernel)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16913
The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet.2018-01-31T22:29:00ZCVE-2017-16914 (linux_kernel)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16914
The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet.2018-01-31T22:29:00ZCVE-2017-1000408 (glibc)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000408
A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.2018-02-01T04:29:00ZCVE-2017-1000409 (glibc)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000409
A buffer overflow in glibc 2.5 (released on September 29, 2006) can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.2018-02-01T04:29:00ZCVE-2018-6484 (zziplib)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6484
In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.2018-02-01T05:29:00ZCVE-2018-6470 (nibbleblog)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6470
Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directory, causing DS_Store information to leak.2018-02-01T13:29:00ZCVE-2018-0508 (kkcald)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0508
Cross-site scripting vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors.2018-02-01T14:29:00ZCVE-2018-0509 (kkcald)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0509
Cross-site request forgery (CSRF) vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors.2018-02-01T14:29:00ZCVE-2018-0510 (kkcald)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0510
Buffer overflow in epg search result viewer (kkcald) 0.7.19 and earlier allows remote attackers to perform unintended operations or execute DoS (denial of service) attacks via unspecified vectors.2018-02-01T14:29:00ZCVE-2018-0511 (wp_retina_2x)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0511
Cross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.2018-02-01T14:29:00ZCVE-2013-7435 (evergreen)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7435
The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.2018-02-01T17:29:00ZCVE-2014-3244 (sugarcrm)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3244
XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.2018-02-01T17:29:00ZCVE-2015-2203 (evergreen)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2203
Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL.2018-02-01T17:29:01ZCVE-2015-2204 (evergreen)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2204
Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided.2018-02-01T17:29:01ZCVE-2018-6520 (simplesamlphp)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6520
SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL.2018-02-02T01:29:00ZCVE-2018-6521 (simplesamlphp)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6521
The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions.2018-02-02T01:29:00ZCVE-2018-6522 (nprotect_avs)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6522
In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKRgFtXp.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220408.2018-02-02T01:29:00ZCVE-2018-6523 (nprotect_avs)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6523
In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x22045c.2018-02-02T01:29:00ZCVE-2018-6524 (nprotect_avs)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6524
In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220c20.2018-02-02T01:29:00ZCVE-2018-6525 (nprotect_avs)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6525
In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220458.2018-02-02T01:29:00ZCVE-2017-18120 (gifsicle)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18120
A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421.2018-02-02T09:29:00ZCVE-2018-6537 (syncbreeze)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6537
A buffer overflow vulnerability in the control protocol of Flexense SyncBreeze Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9121.2018-02-02T09:29:00ZCVE-2018-6540 (zziplib)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6540
In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.2018-02-02T09:29:00ZCVE-2018-6541 (zziplib)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6541
In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.2018-02-02T09:29:00ZCVE-2018-6542 (zziplib)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6542
In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c.2018-02-02T09:29:00ZCVE-2018-6543 (binutils)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6543
In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.2018-02-02T09:29:00ZCVE-2018-6544 (mupdf)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6544
pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.2018-02-02T09:29:00ZCVE-2018-6545 (moveit)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6545
Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability, as demonstrated by human.aspx. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks.2018-02-02T09:29:00ZCVE-2018-6550 (monstra)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6550
Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php.2018-02-02T09:29:00ZCVE-2017-14177 (apport, ubuntu_linux)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14177
Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324.2018-02-02T14:29:00ZCVE-2017-14178 (snapd)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14178
In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions.2018-02-02T14:29:00ZCVE-2017-14179 (apport, ubuntu_linux)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14179
Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.2018-02-02T14:29:00ZCVE-2017-14180 (apport, ubuntu_linux)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14180
Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179.2018-02-02T14:29:00ZCVE-2017-18034 (crucible, fisheye)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18034
The source browse resource in Atlassian FishEye and Crucible before version 4.5.1 and 4.6.0 allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability via a specially crafted repository branch name when trying to display deleted files of the branch.2018-02-02T14:29:00ZCVE-2017-18035 (crucible, fisheye)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18035
The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, which allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it.2018-02-02T14:29:00ZCVE-2017-18036 (bitbucket)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18036
The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability.2018-02-02T14:29:00ZCVE-2017-18038 (bitbucket)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18038
The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name.2018-02-02T14:29:00ZCVE-2017-18039 (jira)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18039
The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter.2018-02-02T14:29:00ZCVE-2017-18040 (bamboo)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18040
The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.2018-02-02T14:29:00ZCVE-2017-18041 (bamboo)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18041
The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.2018-02-02T14:29:00ZCVE-2017-18042 (bamboo)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18042
The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability.2018-02-02T14:29:00ZCVE-2017-18080 (bamboo)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18080
The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability.2018-02-02T14:29:01ZCVE-2017-18081 (bamboo)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18081
The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie.2018-02-02T14:29:01ZCVE-2017-18082 (bamboo)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18082
The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch.2018-02-02T14:29:01ZCVE-2017-18083 (confluence)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18083
The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file.2018-02-02T14:29:01ZCVE-2017-18084 (confluence)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18084
The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro.2018-02-02T14:29:01ZCVE-2017-18085 (confluence)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18085
The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.2018-02-02T14:29:01ZCVE-2017-18086 (confluence)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18086
Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter.2018-02-02T14:29:01ZCVE-2017-18121 (debian_linux, simplesamlphp)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18121
The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser.2018-02-02T15:29:00ZCVE-2017-18122 (debian_linux, simplesamlphp)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18122
A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP.2018-02-02T15:29:00ZCVE-2017-5727 (graphics_driver)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5727
Pointer dereference in subsystem in Intel Graphics Driver 15.40.x.x, 15.45.x.x, 15.46.x.x allows unprivileged user to elevate privileges via local access.2018-02-02T15:29:00ZCVE-2018-6561 (dojo)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6561
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.2018-02-02T15:29:00ZCVE-2018-6575 (classified)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6575
SQL Injection exists in the JEXTN Classified 1.0.0 component for Joomla! via a view=boutique&sid= request.2018-02-02T17:29:00ZCVE-2018-6576 (event_manager)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6576
SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter.2018-02-02T17:29:00ZCVE-2018-6577 (membership)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6577
SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.2018-02-02T17:29:00ZCVE-2018-6578 (je_paypervideo)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6578
SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.2018-02-02T17:29:00ZCVE-2018-6579 (reverse_auction)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6579
SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&uid= request.2018-02-02T17:29:00ZCVE-2018-6580 (jimtawl)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6580
Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&task=upload&pop=true&tmpl=component request.2018-02-02T17:29:00ZCVE-2018-6581 (jms_music)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6581
SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter.2018-02-02T17:29:00ZCVE-2014-1834 (echor)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1834
The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password.2018-02-02T21:29:00ZCVE-2014-1835 (echor)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1835
The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table.2018-02-02T21:29:00ZCVE-2015-2796 (projectpier)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2796
Multiple cross-site scripting (XSS) vulnerabilities in Project-Pier ProjectPier-Core allow remote attackers to inject arbitrary web script or HTML via the search_for parameter to (1) search_by_tag.php, (2) search_contacts.php, or (3) search.php.2018-02-02T21:29:00ZCVE-2016-0300 (tririga_application_platform)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0300
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 might allow remote attackers to access arbitrary JSP pages via vectors related to improper input validation. IBM X-Force ID: 111412.2018-02-02T21:29:00ZCVE-2016-0303 (tivoli_integrated_portal)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0303
Cross-site scripting (XSS) vulnerability in IBM Tivoli Integrated Portal 2.2.0.0 through 2.2.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2018-02-02T21:29:00ZCVE-2016-0311 (tivoli_business_service_manager)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0311
Cross-site scripting (XSS) vulnerability in IBM Tivoli Business Service Manager 6.1.0 before 6.1.0-TIV-BSM-FP0004 and 6.1.1 before 6.1.1-TIV-BSM-FP0004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111480.2018-02-02T21:29:00ZCVE-2016-0312 (tririga_application_platform)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0312
IBM TRIRIGA Application Platform before 3.3.2 allows remote attackers to obtain sensitive information via vectors related to granting unauthenticated access to Document Manager. IBM X-Force ID: 111486.2018-02-02T21:29:00ZCVE-2016-0329 (emptoris_sourcing)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0329
Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 111692.2018-02-02T21:29:00ZCVE-2016-0342 (tririga_application_platform)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0342
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to read or modify arbitrary reports by leveraging an incorrect grant of access. IBM X-Force ID: 111783.2018-02-02T21:29:00ZCVE-2018-5261 (diskboss)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5261
An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext information from the handshake as input for the encryption key used for the encryption of the rest of the session, the server and client disclose sensitive information, such as the authentication credentials, to any man-in-the-middle (MiTM) listener.2018-02-02T21:29:00ZCVE-2018-6317 (claymore_dual_miner)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6317
The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service.2018-02-02T21:29:00ZCVE-2018-6318 (sophos_tester)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6318
In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). A person can change this DLL in a local way, or with a remote connection, to a malicious DLL with the same name -- and when the product is used, this malicious DLL will be loaded, aka a DLL Hijacking attack.2018-02-02T21:29:00ZCVE-2018-6319 (sophos_tester)https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6319
In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. This argument is a memory address: if a caller passes a NULL pointer or a random invalid address, the driver will cause a Blue Screen of Death. If a program or malware does this at boot time, it can cause a persistent denial of service on the machine.2018-02-02T21:29:00Z